End-of-Life (EoL)

Extended SNMP Support

PAN-OS support for Simple Network Management Protocol (SNMP) now includes the following features. To access the latest MIBs, refer to SNMP MIB Files.
Feature
Description
SNMP Monitoring of Logging Statistics
You can now monitor a broader range of logging statistics, including logging rate, disk usage, retention periods, the forwarding status from individual firewalls to Panorama and external servers, and the status of firewall-to-Log Collector connections. Monitor logging statistics to plan improvements to your log collection architecture, evaluate the health of firewall and Panorama logging functions, and troubleshoot issues such as dropped logs.
The following MIBs enable monitoring for logging statistics:
  • The new panDeviceLogging MIB displays logging statistics for each firewall.
  • New objects in the panLogCollector MIB display logging statistics for each Log Collector.
SNMP Monitoring of Dedicated HA2 Interfaces
For firewalls deployed in a high availability (HA) configuration, you can now monitor the dedicated HA2 interfaces of firewalls, in addition to the HA1, HA2 backup, and HA3 interfaces.
To see SNMP statistics for dedicated HA2 interfaces, use the IF-MIB and interfaces MIB.
Hardware IP Address Blocking
To see the counts of source IP addresses blocked by hardware and software, the firewall supports one updated global counter and two new global counters in the panGlobalCounters MIB:
  • flow_dos_blk_num_entries
    shows the total sum of IP address entries on the hardware block table and Block IP list (blocked by hardware and software).
  • flow_dos_blk_hw_entries
    shows the count of IP address entries on the hardware block table that were blocked by hardware.
  • flow_dos_blk_sw_entries
    shows the count of IP addresses entries on the Block IP list that were blocked by software.
You can view the counters using the CLI, for example:
>
show counter global name flow_dos_blk_num_entries
Packet Buffer Protection
This release introduces new MIBs to track the active connections per second (CPS) for virtual system (VSYS), zone, and interface. Use this information as a guide to help better configure Zone and DoS protection profiles. Each set of MIBs display the active CPS for TCP, UDP, and Other IP connections.
  • VSYS—
    panVsysEntry
    ,
    panVsysActiveTcpCps
    ,
    panVsysActiveUdpCps
    ,
    panVsysActiveOtherIpCps
  • Zone—
    panZoneEntry
    ,
    panZoneActiveTcpCps
    ,
    panZoneActiveUdpCps
    ,
    panZoneActiveOtherIpCps
  • Interface—
    panIfEntry
    ,
    panIfActiveTcpCps
    ,
    panIfActiveUdpCps
    ,
    panIfActiveOtherIpCps

Recommended For You